-rw-r--r--apt-pkg/deb/deblistparser.cc17
-rw-r--r--debian/changelog4
2 files changed, 15 insertions, 6 deletions
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index 00e2bd900..7bef6772c 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -215,15 +215,22 @@ string debListParser::DescriptionLanguage()
*/
MD5SumValue debListParser::Description_md5()
{
- string value = Section.FindS("Description-md5");
-
- if (value.empty())
+ string const value = Section.FindS("Description-md5");
+ if (value.empty() == true)
{
MD5Summation md5;
md5.Add((Description() + "\n").c_str());
return md5.Result();
- } else
- return MD5SumValue(value);
+ }
+ else if (likely(value.size() == 32))
+ {
+ if (likely(value.find_first_not_of("0123456789abcdefABCDEF") == string::npos))
+ return MD5SumValue(value);
+ _error->Error("Malformed Description-md5 line; includes invalid character '%s'", value.c_str());
+ return MD5SumValue();
+ }
+ _error->Error("Malformed Description-md5 line; doesn't have the required length (32 != %d) '%s'", (int)value.size(), value.c_str());
+ return MD5SumValue();
}
/*}}}*/
// ListParser::UsePackage - Update a package structure /*{{{*/
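Review bot: Both new `_error->Error` calls print the rejected field verbatim through `'%s'`, so a malformed Description-md5 value read from an index file reaches the error output with no length cap and no escaping of control characters. Since the value has just failed validation it should be treated as untrusted; its length and the position of the first bad character are enough for diagnosis, e.g. `size_t const bad = value.find_first_not_of("0123456789abcdefABCDEF");` followed by `_error->Error("Malformed Description-md5 line; invalid character at offset %lu", (unsigned long)bad);`. The length message can likewise drop `'%s'` and print the size with `%lu` and an `(unsigned long)` cast, because `(int)value.size()` narrows for very long input. Whether callers check for a pending error or for the empty `MD5SumValue()` returned on these paths is not visible in this hunk and is worth confirming.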
diff --git a/debian/changelog b/debian/changelog
index 799653d5f..72830ad91 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,8 +28,10 @@ apt (0.9.3) unstable; urgency=low
- use the correct library name the symbols header
* apt-pkg/pkgcachegen.cc:
- check if NewDescription allocation has failed and error out accordingly
+ * apt-pkg/deb/deblistparser.cc:
+ - check length and containing chars for a given description md5sum
- -- David Kalnischkies <kalnischkies@gmail.com> Wed, 02 May 2012 21:59:02 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com> Wed, 02 May 2012 22:28:32 +0200
apt (0.9.2) unstable; urgency=low